2 Answers
2

There is in fact a SOA record, it's just not where you're expecting it. Let's take a look at the AUTHORITY section...keep in mind that ns1.nservers.co.uk. is not in any way affiliated with the nic.uk. nameservers, which are authoritative for co.uk..

This betrays their actual configuration: they have a single co.uk zone defined. This simplifies their configuration as they only have to maintain one file. The reason you don't get an answer section for the SOA request is because that isn't the true top of the zone. Keep in mind that this is a terrible configuration: you should never pretend to be authoritative for domains that you're not. Don't emulate this.

SOA records are mandatory. You have to stuff something in that AUTHORITY section where it is required by RFC if you expect the rest of the internet to play nicely with you. Obviously they aren't really authoritative for co.uk, but this at least tells other nameservers what the negative TTL should be.

+1 Mystery solved, thanks! It was partly shrouded by the fact that host simply replied has no SOA record for this domain, which is sort of understandable, I guess, but clearly wrong (I see now).
–
tripleeeMay 8 '14 at 17:14

SOA records pretty much regulate the identity and the update frequency of your DNS servers. If your DNS server is the only authorative DNS server for a domain (Or you control all the authoraties and have a fancy for manual actions), you can omit the SOA record with little to no impact. The only impact might be that some response caching will not happen.

In summary: DNS can work just fine without SOA, SOA just regulates updates to secondary servers, and caching. So it's a really bad idea to not have a SOA record.

Thanks. I would still appreciate a bit more detail -- what are the mechanics, which are the parts of the SOA which affect caching? (I assume the caching servers would fall back to fairly conservative TTL values if none are specified, for example?)
–
tripleeeMay 8 '14 at 10:43

I'm not entirely sure, as I haven't had to deal with a SOA record issue that wasn't internal. Have you verified if your SOA test was correct? kloth.net/services/dig.php allows you to do SOA tests, which you can then point to 8.8.8.8 the google DNS servers to make sure you get a high authority response.
–
ReacesMay 8 '14 at 11:10

Thanks for the pointer. Yes, it returns what I expect (nothing for the domain itself, just an SOA for the co.uk TLD).
–
tripleeeMay 8 '14 at 11:26

1

Only broken nameserver software will allow you to omit a SOA record. RFCs require one SOA record at the top of any zone you are authoritative for.
–
Andrew BMay 8 '14 at 15:44